[LINK] E-books said to be "utterly unneeded"
Wed, 8 Aug 2001 12:30:12 +0100
ATM PIN, sure, but how do you use your credit card without giving the number
to waiters, rental car clerks, hotel receptions, phone companies etc. My
suggestion is that a number in clear text indented on a card in your wallet
that you give to complete strangers to make it work (so is inherently
insecure) but you would be reluctant to widely distribute to a completely
unknown audience (like on the net) is not a bad choice as a personal
It is privatish with some penalties for careless distribution, but not so
secret/secure that it shouldn't be revealed at all (like a PIN).
On the plus side, there are already laws for fraud that go a fair way to
stopping abuse, but they are not good enough to make a use distribute their
CC number without some care.
The other clever thing is that to get the encrypted text in the first place
you must give your card number. That means a potential cracker must either
purchase a legitimate copy of each text they wanted to crack, or convince
users who have bought a copy to send it to them, with the potential that the
recipient could discover the senders CC number from the file itself, even if
it was not also sent.
By linking the text and the CC number it discourages anonymous "swapping" of
even the encrypted files in a way other schemes haven't.
The result is that even though I do believe the scheme has been cracked, it
is difficult to get hold of the content illegitimately.
Which is about as good a content protection scheme as you will get, as they
can all be circumvented some way/eventually.
From: Craig Sanders
>i certainly wouldn't give my credit card number to even a close friend
>or family member. even my partner doesn't know my CC or ATM PIN number
>and i don't know hers.
>it's not a matter of trust, it's a matter of appropriate paranoia :)